Journal beachdog's Journal: FreeBSD compared to two Linuxes: Which is a good secure desktop? 1
I set up one of my home computers with FreeBSD 8.0 and the Gnome desktop. I wanted to determine if it would be practical to offer a computer loaded with FreeBSD as a "very secure home computer". I also have installations of Ubuntu and CentOS (and of course Windows XP) for comparison.
The question I was exploring was which of these three open source operating systems and desktop would be the best combination of secure, supportable and livable if I handed the system off to a typical computer user.
While in the middle of this comparison, I received a pfish email based on my Facebook entry. There is a lot of trickery on the Internet that bypasses the most secure computer. Security requires an alert user . Part of a secure system must be helping the user recognize the phishes and other tricks.
While comparing systems, I note that my choices ultimately reflect my experience, not the absolute technical merit of FreeBSD or Linux.
The conclusion I have reached is not about the security or merits of the three systems ( FreeBSD, Ubuntu and CentOS ) rather it reflects my years of experience. I have 10 years with Red Hat based systems, 6 years with Debian based systems and 3 weeks with FreeBSD.
All of these secure desktop systems need a home router (like a Linksys WRT54G) and a UPS with power filtering. Last time I looked, sophisticated probes were hammering on the ethernet jack provided by my ISP (Comcast). The Linksys device blocks this stuff pretty well. I attribute getting 11 years with no motherboard or disk failures to the 11 year old APC brand UPS ahead of the PC.
First choice for a secure desktop: CentOS .
I installed from a CD. CentOS is like RedHat, it is slightly tilted for a business model where users do not perform system administration. I like the CentOS install CD. One reason is it can be written and read by the same "Windows quality" defective Sony DVD drive that messes up Ubuntu compressed files. The automatic update seems to work very well. The major distribution versions change fairly slowly. The CentOS forums and help pages are similar in competence to the FreeBSD forums.
Second choice for a secure desktop: Ubuntu.
I feel Ubuntu is slightly less secure than CentOS because the user can do all the system administration tasks with only the one user password. I have had enormous difficulties because a Sony DVD drive I owned wouldn't properly read or write the Ubuntu Install CD. In my experience, Ubuntu version upgrades come a bit too fast for my administrative energy level. For a slow to upgrade user (like me), the deliberately faster upgrade cycle isn't worth the intrusion on my schedule. Ubuntu has a good manual and a forum system that reflects energy and enthusiasm with a bit more inexperience.
Third choice for a secure desktop is FreeBSD.
I used a FreeBSD version 8.0 install DVD. FreeBSD replaced the CentOS boot sector programs with it's two boot menus. The first menu carefully provides boot service to an existing Linux system. The second menu provides boot options and rescue modes for the FreeBSD system.
The process of installing FreeBSD went quite rapidly up to the point where I had a classic command line Unix screen. My lack of experience began to show as I worked to install X and the Gnome desktop. FreeBSD offered during the install process to install hundreds of programs from a menu. I couldn't figure out what was required for X and Gnome. I used one computer with a working web browser to read the FreeBSD manual and then I manually typed in the package install commands on the FreeBSD console as the root user.
It is really interesting working with FreeBSD. They have a system for installing software from packages (pkg_install) and they have another system for installing software from source code (ports). The short story is I more or less installed X and Gnome twice. To finish the FreeBSD desktop install required a couple of file edits and Google searches on two error messages. The FreeBSD forums are orderly and have a number of very useful how-to guides. A neighbor who works with FreeBSD said it generally takes about a day of fiddling to get a graphical desktop running on FreeBSD. My time was a more than a CentOS install reflecting my inexperience.
There are aspects of the FreeBSD setup that are still unfinished. The desktop needs OpenOffice. Regarding the user level internet "security" that was the original goal of this project, I will have to do a good deal of study to understand the many fine points of FreeBSD security configuration.
Putting FreeBSD third on my list is not a judgement about FreeBSD. FreeBSD has long been known as a security oriented server operating system. In contrast Ubuntu is highly optimized to install a desktop with no configuration and CentOS also delivers a desktop as part of the basic install too.
The most time consuming part of the FreeBSD comparison was repartitioning a CentOS system to make space for FreeBSD. I had to repartition a 160 Gigabyte disk drive that was dedicated to a CentOS system. The disk had a stable Centos 3.2 installation with about 90 Gigs of space used. Repartitioning required 4 steps. First, the
A BSD Recommendation (Score:2)